Whenever we send a request to the Drupal website from our embedded JS application, we have to send a CSRF token with the request otherwise it is seen as a request forgery issue. You can provide CSRF token to your JS application in the following way:
And in your JS application CSRF token can be accessed from the drupalSettings object. Make sure this token is added to every request to avoid X-CSRF token not found issues.